If you don’t follow ITIL for IT Service Management, you’ll be continually asked to explain why not. And when that question comes from your enterprise Board of Directors and its auditors, you’ll want to have a very, very good answer.
ITIL is, by far, the most widely recognized body of best-practice for IT Service Management. From its inception, ITIL has always stressed that it is not a standard for IT Service Management, nor is it prescriptive – it doesn’t tell you what you must do.
ITIL lays out an overall suggested architecture for IT Service Management in terms of 5 “phases” or domains – Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement, and provides a set of inter-related supporting processes designed to enable the fulfillment of the goals of the five domains and IT Service Management as a whole.
A phrase often used by consultants helping IT organizations with IT Service Management is that ITIL should be “adapted not adopted”. While they are correct in saying that ITIL should not be followed slavishly, good consultants also stress the need to document any diversions from ITIL’s recommendations.
One reason for noting the differences is that most people in the IT world have been exposed to ITIL. They expect that the terminology set you use (Incident, Problem, Service Request, etc.), the purpose and scope of processes, the responsibilities of various roles, etc., are as ITIL documents them.
What you didn’t have to do was justify those differences to your staff and people you hire. However, should your enterprise Board of Directors or their auditors ask about the differences, they will expect solid rationales to support those differences.
But why do they want to know the differences and why will they want a justification? Why will they even be aware of ITIL at all?
The answer is tied to their Governance obligations.
The Board of Directors of your enterprise (be it a publically-traded corporation, a government agency or a not-for-profit organization) is held accountable for overall Corporate Governance by regulators and other stakeholders.
Corporate Governance in virtually all major arenas is based on the principle of compliance through the adoption of recognized best-practice or a thorough explanation of why those best-practices are not suitable for the enterprise.
Bypassing best-practice and not being able to satisfactorily defend the rationale for bypassing it is considered non-compliance. And non-compliance is something that your Board is very loath to expose themselves to. The bottom line for them is that following best-practice is a lot safer.
Part of Corporate Governance is IT Governance – and as Cobit 5 and ISO/IEC 38500 point out, it is a clear responsibility of the Board of Directors. And just as they are expected to follow the best-practice “adopt or explain” principle in their world, they will expect it in yours.
They (and their auditors) will expect their IT department will be employing recognized best-practice for IT Service Management – ITIL. And they will expect solid, defensible explanations of every diversion you make from ITIL, be it terminology, process purpose/scope or role responsibilities.
So while there is absolutely no obligation for you to follow ITIL best-practices, and there indeed may be very solid reasons for diverting from them in one aspect or another, please remember that you will be called upon to justify those diversions to the satisfaction of your auditors and ultimately to your enterprise
The bottom line for the IT department is that unless you are fully confident that you can defend diversions from ITIL, your smartest course of action is to follow it.